HOME

TheInfoList



Click Here for Items Related To - Doppelganger Domain
OR:
Doppelganger Domain on:   [Wikipedia]   [Google]   [Amazon]

A doppelganger domain is a domain spelled identical to a legitimate
fully qualified domain name A fully qualified domain name (FQDN), sometimes also referred to as an ''absolute domain name'', is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS). It specifies all domain levels, including th ...
(FQDN) but missing the dot between
host A host is a person responsible for guests at an event or for providing hospitality during it. Host may also refer to: Places * Host, Pennsylvania, a village in Berks County People *Jim Host (born 1937), American businessman * Michel Host ...
/ subdomain and domain, to be used for malicious purposes.


Overview

Typosquatting Typosquatting, also called URL hijacking, a sting site, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. Shoul ...
's traditional
attack vector In computer security, an attack vector is a specific path, method, or scenario that can be exploited to break into an IT system, thus compromising its security. The term was derived from the corresponding notion of vector in biology. An attack ve ...
is through the web to distribute malware or harvest credentials. Other vectors such as email and
remote access service A remote access service (RAS) is any combination of hardware and software to enable the remote access tools or information that typically reside on a network of IT devices. A remote access service connects a client to a host computer, known as a ...
s such as
SSH The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution. SSH applications are based on ...
, RDP, and
VPN A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The be ...
also can be leveraged. In a
whitepaper A white paper is a report or guide that informs readers concisely about a complex issue and presents the issuing body's philosophy on the matter. It is meant to help readers understand an issue, solve a problem, or make a decision. A white pape ...
by Godai Group on doppelganger domains, they demonstrated that numerous emails can be harvested without anyone noticing.


Example

If someone's
email address An email address identifies an email box to which messages are delivered. While early messaging systems used a variety of formats for addressing, today, email addresses follow a set of specific rules originally standardized by the Internet Engineer ...
is "someone@finance.somecompany.example", the doppelganger domain would be "financesomecompany.example". Hence, if someone is trying to send an
email Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" mean ...
to that user and they forget the dot after "finance" (someone@financesomecompany.example), it would go to the doppelganger domain instead of the legitimate user.


See also

* * * *


References


External links

* * URL Network addressing Cybercrime Trademark law Nonstandard spelling {{malware-stub